Cyber-criminal activity and especially ransomware attacks are on the rise. According to a report from the FBI’s Internet Crime Complaint Center, “From January to July 31, 2021, the [Center] received 2,084 ransomware complaints with over $16.8M in losses, a 62 percent increase in reporting and 20 percent increase in reported losses compared to the same time frame in 2020.” How prevalent are these attacks, what industry sectors are prime targets and what can you do to protect your organization and your data? We will discuss these important topics in this issue of LTO BlogBytes. Let’s go.
WHO IS VULNERABLE?
Cyber criminals are increasingly targeting large and financially capable organizations and those providing critical services in the hopes of attaining higher ransom payments. Although no organization is immune from an attack, according to a SearchStorage article the top ten industries experiencing ransomware incidents include education, retail, business professional and legal services, central government and healthcare. For example, Ireland’s National Health Service became another ransomware casualty in May 2021, which required all hospital computer systems to shut down, totally disrupting patient care. Victims of a ransomware attack could have systems immobilized and data encrypted, with a ransom demanded within a certain timeframe under the threat of higher ransom amounts, public release of sensitive information or the destruction of data if demands are not met.
HOW DO ATTACKS OCCUR?
As noted by the FBI, “although cyber criminals use a variety of techniques to infect victims with ransomware, the two most prevalent initial access vectors are phishing and brute forcing unsecured remote desktop protocol (RDP) endpoints.” Phishing typically takes the form of an email disguised as being from a reputable organization or person that entices the receiver to take an action (e.g. click a link) that gives criminals access to the victim’s system. Attackers may use RDP to remotely connect to the desktop of a system from anywhere in the world.
WHAT CAN YOU DO?
There are a number of actions that an organization can take to prevent or limit the damage from a cyberattack. The FBI’s Internet Crime Complaint Center suggests that “organizations engage in preemptive threat hunting on their networks. Threat hunting is a proactive strategy to search for signs of threat actor activity to prevent attacks before they occur or to minimize damage in the event of a successful attack.” In addition, the FBI recommends:
- Make an offline backup of your data
- Do not click on suspicious links
- If you use RDP, or other potentially risky services, secure and monitor them
- Update your OS and software; scan for vulnerabilities
- Use strong passwords and multi-factor authentication
- Secure your networks and user accounts
- Have an incident response plan
AIR GAP NOW!
Let’s discuss the number one recommendation – make an offline backup of your data. The odds are that most companies will be cyberattacked sooner or later. Data, the lifeblood of an organization, must be protected. An offline copy of sensitive information is essential. LTO technology is inherently offline. That is, a data cartridge removed from the drive is physically offline, which creates an air gap between the data and the system and prevents cyber access. Furthermore, a cartridge stored remotely can also protect data from on-site disasters such as fires, floods and hurricanes. In the event of an attack or disaster, the offline, offsite tape-protected data can be used to recover.
Suffice it to say, most organizations will experience some form of malware or cyberattack. Plan ahead, take precautions, educate employees and use the ultimate in data protection – LTO technology. See how LTO tape can fight against cybercrime in this short video.